D-Link DWS-1008 User Manual page 282

Wireless 8-port switch with PoE

DWS-1008 User's Manual
Local Override Exception
The one exception to the operation described in AAA Rollover Process takes place if the local
database is the first method in the list and is followed by a RADIUS server group method. If
the local method fails to find a matching username entry in the local database, the switch tries
the next RADIUS server group method. This exception is referred to as local override.
If the local database is the last method in the list, however, local authentication must either
accept or deny the user, because it has no other method to roll over to.
Remote Authentication with Local Backup
You can use a combination of authentication methods. In pass-through authentication, AAA
processing is passed through the switch and performed remotely by RADIUS servers. If
RADIUS servers are unavailable, local authentication can take place on the switch.
Suppose an administrator wants to rely on RADIUS servers and also wants to ensure
that a certain group of users always gets access. As shown in the following example, the
administrator can configure pass-through authentication by a RADIUS server group as the
first method for these users and configure local authentication last, in case the RADIUS
servers are unavailable.
1. To configure server-1 and server-2 at IP addresses 192.168.253.1 and
192.168.253.2 with the password chey3nn3, the administrator enters the following
commands:
DWS-1008# set radius server server-1 address 192.168.253.1 key chey3nn3
DWS-1008# set radius server server-2 address 192.168.253.2 key chey3nn3
2. To configure server-1 and server-2 into server-group-1, the administrator enters the
following command:
DWS-1008# set server group server-group-1 members server-1 server-2
3. To enable pass-through plus local authentication for all users of SSID mycorp at
@example.com, the administrator enters the following command:
DWS-1008# set authentication dot1x ssid mycorp *@example.com pass-through server-group-1 local
Authentication proceeds as follows:
1. When user Jose@example.com attempts authentication, the switch sends an
authentication request to the first AAA method, which is server-group-1.
Because server-group-1 contains two servers, the first RADIUS server, server-1, is
contacted. If this server responds, the authentication proceeds using server-1.
2. If server-1 fails to respond, the switch retries the authentication using server-2. If
server-2 responds, the authentication proceeds using server-2.
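
The method-list behaviour described above (rollover within a RADIUS server group, local backup, and the local override exception), modelled as an added Python example that is not D-Link code and not part of the original manual. It assumes that any answer from a RADIUS server, accept or reject, is final, and that a local no-match is a deny unless local is first and followed by a RADIUS group; all function names and accounts are hypothetical or constructed.

```python
# Added illustration, not D-Link code. All names here are hypothetical.
NO_RESPONSE = None  # constructed marker: the RADIUS server did not answer

def down(user, password):            # constructed backend: unreachable server
    return NO_RESPONSE

def make_server(accounts):           # constructed backend: answers True/False
    return lambda user, password: accounts.get(user) == password

def radius_group(servers, user, password):
    """Contact members in order; the first server that responds decides (assumption)."""
    for name, backend in servers:
        verdict = backend(user, password)
        if verdict is not NO_RESPONSE:
            return ("accept" if verdict else "deny"), name
    return "no-response", None

def local_db(db, user, password):
    if user not in db:
        return "no-match"
    return "accept" if db[user] == password else "deny"

def authenticate(methods, user, password):
    """methods: ordered ("radius", [(name, backend), ...]) or ("local", {user: pw})."""
    for i, (kind, cfg) in enumerate(methods):
        if kind == "radius":
            result, server = radius_group(cfg, user, password)
            if result != "no-response":
                return result, server
            continue                 # whole group silent: roll over to next method
        result = local_db(cfg, user, password)
        if result != "no-match":
            return result, "local"
        # Local override: local is first AND the next method is a RADIUS group.
        followed_by_radius = i + 1 < len(methods) and methods[i + 1][0] == "radius"
        if not (i == 0 and followed_by_radius):
            return "deny", "local"   # e.g. local is last: nothing to roll over to
    return "deny", None              # every method was exhausted without an answer

if __name__ == "__main__":
    radius = [("server-1", down), ("server-2", make_server({"Jose@example.com": "pw-r"}))]
    local = {"backup@example.com": "pw-l"}   # constructed accounts
    for methods in ([("radius", radius), ("local", local)],
                    [("local", local), ("radius", radius)]):
        order = [kind for kind, _ in methods]
        for user, pw in (("Jose@example.com", "pw-r"), ("backup@example.com", "pw-l")):
            print(order, user, authenticate(methods, user, pw))
```

Running it prints which method decided each login, which makes the effect of method order visible: with local last, an account that exists only in the local database is usable only while every RADIUS server is silent.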
D-Link Systems, Inc.
Configuring AAA for Network Users